Access Control Model for Modern Virtual e-Government Services: Saudi Arabian Case Study

e-Government services require intensive information exchange and interconnection among governmental agencies to provide specialized online services and support informed decision-making. This exchange could compromise the integrity, confidentiality, and/or availability of the information being exchanged. Government agencies are accountable and liable for protecting the information they possess and use, on a least-privilege basis, even after it has been disseminated. However, traditional access control models fall short of this: they do not allow dynamic access for users unknown to the system, they do not provide security controls at a fine-grained level, and they do not provide persistent control over the information. This paper proposes a novel secure access control model for cross-governmental agencies. The model deploys a Role-centric Mandatory Access Control (R-MAC) model, suggests a classification scheme for e-Government information, and enforces its application using XML security technologies. With the proposed model, privacy could be preserved through dynamic, persistent, and fine-grained control over shared information.
